﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.Common;

namespace GodSoft.Code
{
    /// <summary>
    /// 权限模块
    /// </summary>
    public class PermissionAccess
    {

        public PermissionAccess(){}

        /// <summary>
        /// 判断用户是否拥有操作权限
        /// </summary>
        /// <param name="currentUserID">当前用户ID</param>
        /// <param name="requestUrl">请求访问的Url</param>
        /// <param name="requestType">HttpGet或HttpPost</param>
        /// <param name="hasPermission">是否拥有操作权限(int型)</param>
        /// <returns></returns>
        public static bool UserHasPermission(int currentUserID, string requestUrl, string requestType)
        {
            
            DbCommand comm = GenericDataAccess.CreateCommand();
            //权限验证存储过程
            comm.CommandText = "PermissionValidation";
            // create a new parameter
            DbParameter param = comm.CreateParameter();
            param.ParameterName = "@currentUserID";
            param.Value = currentUserID;
            param.DbType = DbType.Int32;
            comm.Parameters.Add(param);
            // create a new parameter
            param = comm.CreateParameter();
            param.ParameterName = "@requestUrl";
            param.Value = requestUrl;
            param.DbType = DbType.String;
            comm.Parameters.Add(param);
            // create a new parameter
            param = comm.CreateParameter();
            param.ParameterName = "@requestType";
            param.Value = requestType;
            param.DbType = DbType.String;
            comm.Parameters.Add(param);
            // create a new parameter
            param = comm.CreateParameter();
            param.ParameterName = "@hasPermission";
            param.Direction = ParameterDirection.Output;
            param.DbType = DbType.Int32;
            comm.Parameters.Add(param);
            //执行存储过程
            GenericDataAccess.ExecuteNonQuery(comm);

            int hashasPermission=Int32.Parse(comm.Parameters["@hasPermission"].Value.ToString());
            if (hashasPermission>0)
                return true;
            else
                return false;

           
        }

        public static DataTable GetActionInfoByUserID(int currentUserID)
        {
            
            DbCommand comm = GenericDataAccess.CreateCommand();
            comm.CommandText = "GetActionInfoByUserID";
            DbParameter param = comm.CreateParameter();
            param.ParameterName = "@currentUserID";
            param.Value = currentUserID;
            param.DbType = DbType.Int32;
            comm.Parameters.Add(param);
            DataTable table = GenericDataAccess.ExecuteSelectCommand(comm);
            return table;
        
        }
        public static DataTable GetActionInfoByRoleID(int currentRoleID)
        {

            DbCommand comm = GenericDataAccess.CreateCommand();
            comm.CommandText = "GetActionInfoByRoleID";
            DbParameter param = comm.CreateParameter();
            param.ParameterName = "@roleID";
            param.Value = currentRoleID;
            param.DbType = DbType.Int32;
            comm.Parameters.Add(param);
            DataTable table = GenericDataAccess.ExecuteSelectCommand(comm);
            return table;

        }
        /// <summary>
        /// 获取全部用户的编号及ParentID
        /// </summary>
       /// <returns></returns>
        public static DataTable GetAllUserIDAndParentID()
        {

            DbCommand comm = GenericDataAccess.CreateCommand();
            comm.CommandText = "GetAllUserIDAndParentID";
            DataTable table = GenericDataAccess.ExecuteSelectCommand(comm);
            return table;

        }
        /// <summary>
        /// 根据用户编号得到用户对应角色编号
        /// </summary>
        /// <param name="UserID"></param>
        /// <returns></returns>
        public static DataTable GetRoleIDByUserID(int UserID)
        {
            DbCommand comm = GenericDataAccess.CreateCommand();
            comm.CommandText = "GetRoleIDByUserID";
            DbParameter param = comm.CreateParameter();
            param.ParameterName = "@UserID";
            param.Value = UserID;
            param.DbType = DbType.Int32;
            comm.Parameters.Add(param);
            DataTable table = GenericDataAccess.ExecuteSelectCommand(comm);
            return table;

        }
        /// <summary>
        /// 删除用户编号为UserID的 编号为ActionID的权限
        /// </summary>
        /// <param name="UserID">用户编号</param>
        /// <param name="ActionID">要删除用户 的权限的编号</param>
        public static void CutActionFromUserByUserID(int UserID , int ActionID)
        {
            // get a configured DbCommand object
            DbCommand comm = GenericDataAccess.CreateCommand();
            // set the stored procedure name
            comm.CommandText = "CutActionFromUserByUserID";
            // create a new parameter
            DbParameter param = comm.CreateParameter();
            param.ParameterName = "@UserID";
            param.Value = UserID;
            param.DbType = DbType.Int32;
            comm.Parameters.Add(param);

            param = comm.CreateParameter();
            param.ParameterName = "@ActionID";
            param.Value = ActionID;
            param.DbType = DbType.Int32;
            comm.Parameters.Add(param);

            // return the results
            GenericDataAccess.ExecuteNonQuery(comm);
        }

     }

    
}